OSG-SEC-2021-08-25 Vulnerabilities in JupyterLab and Jupyter Notebook

Dear OSG Security Contacts,

CRITICAL and lower risk vulnerabilities have been identified concerning JupyterLab and Jupyter Notebook.

IMPACTED VERSIONS:

For Jupyter Notebook, patched versions: 5.7.11, 6.4.1

For JupyterLab, patched versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21

Earlier versions are likely to be vulnerable.

WHAT ARE THE VULNERABILITIES:

Vulnerabilities have been reported in JupyterLab (CVE-2021-32797 [1]) and Jupyter Notebook (CVE-2021-32798 [2]) which allow untrusted code in a Notebook to execute on load.

WHAT YOU SHOULD DO:

Sites and VOs should update to the latest version of JupyterLab and Jupyter Notebook as soon as possible. There are no recommended mitigations.
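
To find environments that still need the update, the following added example (not part of the original advisory and not OSG or Jupyter project code) compares the installed `notebook` and `jupyterlab` packages against the patched versions listed above. It assumes each fix applies per major.minor release line, that releases newer than every listed fix include it, and that anything else is vulnerable.

```python
import re
from importlib import metadata

# Patched releases as listed in this advisory, keyed by PyPI distribution name.
PATCHED = {
    "notebook": ["5.7.11", "6.4.1"],
    "jupyterlab": ["3.1.4", "3.0.17", "2.3.2", "2.2.10", "1.2.21"],
}

def parse(version):
    """Return (major, minor, patch); suffixes such as 'rc1' are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_patched(package, version):
    """True if `version` is at or above the advisory's fix for its release line."""
    installed = parse(version)
    fixes = [parse(v) for v in PATCHED[package]]
    for fix in fixes:
        if fix[:2] == installed[:2]:  # same major.minor release line
            return installed >= fix
    # Assumption: a release newer than every listed fix carries it.
    # Any other unlisted line is treated as vulnerable ("earlier versions
    # are likely to be vulnerable").
    return installed > max(fixes)

def audit():
    """Report the status of both packages in the current Python environment."""
    results = {}
    for package in PATCHED:
        try:
            version = metadata.version(package)
        except metadata.PackageNotFoundError:
            results[package] = "not installed"
            continue
        state = "patched" if is_patched(package, version) else "UPDATE REQUIRED"
        results[package] = f"{version}: {state}"
    return results

if __name__ == "__main__":
    for package, status in audit().items():
        print(f"{package:12} {status}")
```

Run it with the Python interpreter of each environment that serves notebooks (system install, virtualenv, conda environment, container image), since each has its own installed packages.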

REFERENCES

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-32797

[2] https://nvd.nist.gov/vuln/detail/CVE-2021-32798

Please contact the OSG security team at [email protected] if you have any questions or concerns.

OSG Security Team